Commitments by the UK government and others to improve cybersecurity by increased spending are more likely to benefit established security vendors with well-oiled lobbying machines than innovative start-ups, according to one of the pioneers of the industry segment. Nir Zuk, chief technology officer at Palo Alto Networks, reckons …
Startups being shut out
If you don't know how to change the cycle, then go with it! Get bought by a large company who will then lobby governments to get the technology adopted!
Is it just me, or is that obvious?
Guilty by own admission?
So it's Checkpoint that's responsible for "blocking all but port 80" because that's so much safer, because it causes all traffic to abuse port 80 instead of using their own assigned port number? Well, thanks so much guys.
Is it impudent to note that it was also some overly bright chaps at a small Israeli military intelligence outfit that brought us ICQ? Now apparently the mainstay of Eastern European crime gangs, sayeth the FBI.
Still and all, the guy has a point. But even more so, it's moot. Yes, you can do deeper http inspection and develop things for that and maybe you'd rather have that done by his^Wa startup or something, but it's yet another case of bolt-on security. That, as any half-clued security buff can tell you, is always a recipe for more half-assery and will never really suffice. The only thing that's good for is for better censorship and overwatch technique.
I think that it's a much better idea to fix the entire software stack one piece at a time instead of bolting ever more appliances and magic bullet things onto the network only to find that eventually the software stacks need fixing anyway. Might as well do that right away then.
And, of course, get some serious clue into government to drive the necessary research and not to forget the not-so-simple elbow-grease-and-grunt effort needed to go out and get that software secured. Mere really big sacks of money don't do it. Picking the right people to drive the thing would go a lot further for a lot less money. Guess what? None of them are available in government.
That is all.
The First thing they need to do...
1. 100% Security Clearance audit comparing (target) with Constitution on date + time of events.
2. Take a hammer, wire snips, or potting compound and SEAL the USB, CD, DVD trays.
3. Get ALL Classified data off the open web. PERIOD.
4. For anyone failing the Security Clearance audit, they are banned for life from Contracting, Accessing Vaults, Networks, Classified Data, or Working as a Civilian for Government or running for office.
5. Let's talk BSD and packet sequences
Hang on, you are saying that big customers won't buy stuff from startups...
Let me see if I can work that out... oh yes, sussed it, I'm not going to invest millions and bet my organisation's security on a business with no track record of success.
You need to look like a credible supplier if you want to sell to the big boys. In the corporate/government world we want to see your customer logo slide if we are going to be convinced you have credibility.
Think that took about a nanosecond for me to work out, surprised someone supposedly so deep in Checkpoint and Juniper couldn't work that out.